
frontend: Be pessimistic about arguments

The code to handle -o added two arguments to the final array.
However, longopt allows "-o file" to also be passed as
"--output=file".  This causes one argument to cause two to be added.
This means that we can't have the destination array be the same size
as the original.

I've decided to use the most pessimistic case for allocation, one
where every argument causes two to be added (parrot --output=file1
--output=file2 etc).  Alternative solutions include passing it as
"-o=file" instead and having prt0 handle breaking it apart, but this
is the fastest way to fix the memory overrun.
1 parent 96ff976 commit 03b3d5fb10dcc61785a269be4e771d85a39c544e @Benabik Benabik committed Jan 26, 2012
Showing with 8 additions and 1 deletion.
  1. +8 −1 frontend/parrot2/main.c
@@ -553,7 +553,11 @@ parseflags(Parrot_PMC interp, int argc, ARGIN(const char *argv[]),
int result = 1;
int nargs = 0;
int i;
- const char **pargs = (const char**)calloc(argc, sizeof (char*));
+
+ // Any option with an argument we handle may split an argument
+ // into two. So be pessimistic with the allocation.
+ int pargs_size = argc * 2;
+ const char **pargs = (const char**)calloc(pargs_size, sizeof (char*));
if (argc == 1) {
usage(stderr);
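Review bot: The result of calloc(pargs_size, sizeof (char*)) is not checked for NULL anywhere in the lines shown, yet the later hunk writes through it with pargs[nargs++] = argv[i]. Doubling the request is a good moment to add an explicit failure path right after the allocation (report the error and exit) rather than relying on a crash at first use. Two smaller points on the same lines: argc * 2 is computed in int, so declaring pargs_size as size_t and casting argc before the multiply would keep the size arithmetic unsigned, and the new // comments are C99 style, so use /* ... */ if this file is meant to build as C89.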
@@ -683,6 +687,9 @@ parseflags(Parrot_PMC interp, int argc, ARGIN(const char *argv[]),
for (i = opt.opt_index; i < argc; i++)
pargs[nargs++] = argv[i];
+ // Make sure we don't overrun the end of the array
+ PARROT_ASSERT(nargs <= pargs_size);
+
args->argv = pargs;
args->argc = nargs;
}
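Review bot: The PARROT_ASSERT(nargs <= pargs_size) check sits after the loop that does pargs[nargs++] = argv[i], so by the time it fires any out-of-bounds write has already happened, and if PARROT_ASSERT is compiled out in non-debug builds it gives no protection there at all. With the 2 * argc allocation the bound should hold, but as a guard it would be stronger placed before each append, for example testing nargs < pargs_size ahead of every pargs[nargs++] store (including the option-handling code that adds two entries, which is outside this hunk) and failing with a normal error path instead of an assertion.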
